Secure passwords

Open forum for security issues and info.
Forum rules
Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.
User avatar
Oskar45
Posts: 2140
Joined: Mon Dec 05, 2005 3:35 am
Location: Vienna, Austria

Secure passwords

Unread postby Oskar45 » Thu Dec 30, 2010 7:43 am

How secure are yours? I use something everyone who mastered grammar school certainly knows about. Still, hackers would have a rather hard time to crack it, for sure...
Curious: the first recorded successful pregnancy brought forth a murderer...

User avatar
josehill
Moderator
Moderator
Posts: 3021
Joined: Mon Jun 06, 2005 9:53 pm
Location: New England, USA
Contact:

Re: Secure passwords

Unread postby josehill » Thu Dec 30, 2010 10:02 am

After the recent Gawker.com password fiasco, I've been refreshing many of my accounts with a range of new passwords.

I didn't think that I'd be affected by the Gawker problems, since I don't remember ever signing into or caring about the site, but it turns out that they own a bunch of other sites and use the same authentication system for all of them. I made a comment on one of them, Lifehacker.com, years ago, and I used that username/password pair on a bunch of non-essential sites, so my credentials were compromised.

ratfink
Posts: 169
Joined: Wed Jul 16, 2003 10:53 am
Location: Mesilla, New Mexico
Contact:

Re: Secure passwords

Unread postby ratfink » Thu Dec 30, 2010 4:51 pm

My trick is to start with a phrase I'll easily remember, like:

Oh no you don't!

Then start mangling by replacing letters with numbers or symbols that look similar as well. The trick is to use the conversion inconsistantly;

0h_nO-Y0u_d0N'T!

The other trick is to try several variations until you find a combination that rolls off your fingers well.

Geof
--
:O2000: :Fuel: :Octane: :Octane2: :O2: +MacPro +Sun Ultra 40 +G4 MDD +G4 Cube +G3 B&W +MacBook Air +iPad +Amiga 3000 +Amiga 2000 Toaster

User avatar
foetz
Posts: 5530
Joined: Mon Apr 14, 2003 4:34 am
Contact:

Re: Secure passwords

Unread postby foetz » Sat Jan 01, 2011 7:21 am

for online accounts i only use generated stuff as well as for local services that can be reached from the outside
r-a-c.de

User avatar
miod
Posts: 311
Joined: Fri Oct 09, 2009 2:44 am
Location: Orgerus (France)
Contact:

Re: Secure passwords

Unread postby miod » Sat Jan 01, 2011 1:47 pm

Well, just write down your password in this thread, and we'll tell you if they are strong enough, for free! Aren't we kind hearts?
:Indigo:R4000 :Indigo:R4000 :Indigo:R4000 :Indigo2:R4400 :Indigo2IMP:R4400 :Indigo2:R8000 :Indigo2IMP:R10000 :Indy:R4000PC :Indy:R4000SC :Indy:R4600 :Indy:R5000SC :O2:R5000 :O2:RM7000 :Octane:2xR10000 :Octane:R12000 :O200:2xR12000 :O200: - :O200:2x2xR10000 :Fuel:R16000 :O3x0:4xR16000 :A350:
among more than 150 machines : Apollo, Data General, Digital, HP, IBM, MIPS before SGI, Motorola, NeXT, SGI, Solbourne, Sun...

User avatar
josehill
Moderator
Moderator
Posts: 3021
Joined: Mon Jun 06, 2005 9:53 pm
Location: New England, USA
Contact:

Re: Secure passwords

Unread postby josehill » Sat Jan 01, 2011 2:45 pm

foetz wrote:for online accounts i only use generated stuff as well as for local services that can be reached from the outside

Hey, foetz, great to see you here again!

Do you use a password manager to "remember" the generated passwords? If so, is there a particular one that you recommend?

User avatar
Oskar45
Posts: 2140
Joined: Mon Dec 05, 2005 3:35 am
Location: Vienna, Austria

Re: Secure passwords

Unread postby Oskar45 » Sun Jan 02, 2011 9:19 am

miod wrote:Well, just write down your password in this thread, and we'll tell you if they are strong enough, for free! Aren't we kind hearts?
pi=4,25?
Curious: the first recorded successful pregnancy brought forth a murderer...

ratfink
Posts: 169
Joined: Wed Jul 16, 2003 10:53 am
Location: Mesilla, New Mexico
Contact:

Re: Secure passwords

Unread postby ratfink » Sun Jan 02, 2011 10:21 am

The main reason I don't use generated password is they are too hard to remember. If they are phrase based, I can make them relatively easy to remember. I used to play the middle row of the keyboard (asdfghjkl) into the white keys of a piano (cdefgabcd) with the upper row (we-tyu-op) into black keys (c#d#-f#g#a#-c#d#) and the make my passwords into musical motifs. For instance, in C-major, the password 'adgfdsasaaasssdddfasdfdfghghjk' is the main theme of Beethovens 5th symphony, 4th movement. The musical approach was basically to build long passwords that where easily remembered. Unfortunately, many system now require mixed upper/lower/number/symbols which makes the musical approach harder. If I can't remember a password, and have to lookitup, it's not very useful to me.

Geof
--
:O2000: :Fuel: :Octane: :Octane2: :O2: +MacPro +Sun Ultra 40 +G4 MDD +G4 Cube +G3 B&W +MacBook Air +iPad +Amiga 3000 +Amiga 2000 Toaster

Pontus
Posts: 602
Joined: Thu May 08, 2008 12:12 pm
Location: Uppsala, Sweden

Re: Secure passwords

Unread postby Pontus » Tue Jan 04, 2011 5:41 am

I think this comic sums up my thoughts on the matter.
Image
:Onyx2R: :IRIS3130: :Onyx2: :O2000: :O200: :PI: :Fuel: :Indigo: :Octane: :O2: :Indigo2IMP: :Indigo2: :Indy: :1600SW: :pdp8e:
:BA213: <- MicroVAX 3500 :BA213: <- DECsystem 5500 :BA215: <- MicroVAX 3300
Pictures of my collection: www.pdp8.se

User avatar
miod
Posts: 311
Joined: Fri Oct 09, 2009 2:44 am
Location: Orgerus (France)
Contact:

Re: Secure passwords

Unread postby miod » Tue Jan 04, 2011 3:06 pm

Oskar45 wrote:
miod wrote:Well, just write down your password in this thread, and we'll tell you if they are strong enough, for free! Aren't we kind hearts?
pi=4,25?

Definitely too weak.

Try using ``pi=14.3'' instead.
:Indigo:R4000 :Indigo:R4000 :Indigo:R4000 :Indigo2:R4400 :Indigo2IMP:R4400 :Indigo2:R8000 :Indigo2IMP:R10000 :Indy:R4000PC :Indy:R4000SC :Indy:R4600 :Indy:R5000SC :O2:R5000 :O2:RM7000 :Octane:2xR10000 :Octane:R12000 :O200:2xR12000 :O200: - :O200:2x2xR10000 :Fuel:R16000 :O3x0:4xR16000 :A350:
among more than 150 machines : Apollo, Data General, Digital, HP, IBM, MIPS before SGI, Motorola, NeXT, SGI, Solbourne, Sun...

User avatar
guardian452
Posts: 2928
Joined: Tue Aug 21, 2007 10:12 pm
Contact:

Re: Secure passwords

Unread postby guardian452 » Thu Jan 06, 2011 7:01 am

A root password on a well-used machine here at school was "ribbed for her pleasure"

I use random goobledygook numbers+letters...

User avatar
foetz
Posts: 5530
Joined: Mon Apr 14, 2003 4:34 am
Contact:

Re: Secure passwords

Unread postby foetz » Thu Jan 06, 2011 7:30 am

josehill wrote:
foetz wrote:for online accounts i only use generated stuff as well as for local services that can be reached from the outside

Hey, foetz, great to see you here again!

Do you use a password manager to "remember" the generated passwords? If so, is there a particular one that you recommend?


much thanks :D

of course those kinds of passes have to be written somwhere and my intranet db is just the right place for that. it's platform independent and i can access it in all kinds of ways.
currently running with mysql and as simple as possible. looks like that:

Code: Select all

CREATE TABLE `accounts` (
  `COMPANY` varchar(100) default NULL,
  `LOGIN` varchar(50) default NULL,
  `PASS` varchar(50) default NULL,
  `id` int(11) NOT NULL auto_increment,
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=latin1;

just an example but something like that does the job for me
r-a-c.de

User avatar
IndyFred
Posts: 297
Joined: Mon Mar 06, 2006 11:52 am
Location: Denver, Colorado
Contact:

Re: Secure passwords

Unread postby IndyFred » Mon Mar 28, 2011 7:08 am

I tend to use passwords that are 22 characters long. I know it is a pain, but it gets the job done.

User avatar
josehill
Moderator
Moderator
Posts: 3021
Joined: Mon Jun 06, 2005 9:53 pm
Location: New England, USA
Contact:

Re: Secure passwords

Unread postby josehill » Mon Mar 28, 2011 7:42 am

Keep in mind that many systems, including IRIX 6.5, only recognize the first eight characters of a password.

User avatar
skywriter
Posts: 3102
Joined: Fri Mar 14, 2003 6:22 am
Location: living in a linux-blunderland
Contact:

Re: Secure passwords

Unread postby skywriter » Mon Mar 28, 2011 8:00 am

9 character, mixed case alpha, numerical, with special characters. One for each account kept in my head via muscle memory.
:Skywriter:

DECUS Member 368596


Return to “SGI: Security”

Who is online

Users browsing this forum: No registered users and 1 guest